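import { NextResponse } from "next/server";
import { loginSchema } from "@/lib/validation/auth";
import prisma from "@/lib/prisma";
import { verifyPassword } from "@/lib/password";

/**
 * Log in with a nickname and password.
 *
 * Validates the JSON body against `loginSchema`, looks the user up by nickname and checks the
 * password against the stored hash. On success it returns the user's id and nickname and sets
 * the `uid` cookie.
 *
 * @param req - Incoming request whose body is expected to be JSON.
 * @returns 400 for an unparseable or schema-invalid body, 401 for bad credentials,
 *   otherwise `{ ok: true, user }` with a `Set-Cookie` header.
 */
export async function POST(req: Request) {
  // req.json() rejects on a malformed body; answer 400 instead of letting it surface as a 500.
  let body: unknown;
  try {
    body = await req.json();
  } catch {
    return NextResponse.json({ error: "Invalid JSON body" }, { status: 400 });
  }

  const parsed = loginSchema.safeParse(body);
  if (!parsed.success) {
    return NextResponse.json({ error: parsed.error.flatten() }, { status: 400 });
  }

  const { nickname, password } = parsed.data;
  const user = await prisma.user.findUnique({ where: { nickname } });

  // NOTE(review): an unknown nickname short-circuits before verifyPassword runs, so that case
  // may answer faster than a wrong password. Consider verifying against a fixed dummy hash so
  // both paths do the same work.
  //
  // `await` is a no-op on a plain boolean, but if verifyPassword returns a Promise the bare
  // negation would always be false and the check would never reject. Awaiting keeps the
  // comparison correct either way; confirm the helper's return type.
  if (!user || !user.passwordHash || !(await verifyPassword(password, user.passwordHash))) {
    // One message for every failure, so the response body does not reveal which part was wrong.
    return NextResponse.json({ error: "아이디 또는 비밀번호가 올바르지 않습니다" }, { status: 401 });
  }

  const res = NextResponse.json({
    ok: true,
    user: { userId: user.userId, nickname: user.nickname },
  });

  // NOTE(review): the cookie value is the plain user id; nothing in this file signs it or ties
  // it to a server-side session. If other routes treat `uid` as proof of identity, any client
  // that knows or guesses an id can present it. Confirm how the cookie is consumed, and prefer
  // an opaque random session id or a signed token.
  // NOTE(review): there is no `Secure` attribute, so the cookie is also sent over plain HTTP.
  // Add it once the deployment is confirmed to be HTTPS-only, and mirror it in DELETE.
  res.headers.append(
    "Set-Cookie",
    `uid=${encodeURIComponent(user.userId)}; Path=/; HttpOnly; SameSite=Lax`
  );
  return res;
}

/**
 * Log out by expiring the `uid` cookie.
 *
 * The attributes match the ones used when the cookie is set in POST, and `Max-Age=0` tells the
 * browser to drop it. No server-side state is touched in this handler.
 *
 * @returns `{ ok: true }` with the expiring `Set-Cookie` header.
 */
export async function DELETE() {
  const res = NextResponse.json({ ok: true });
  res.headers.append("Set-Cookie", `uid=; Path=/; Max-Age=0; HttpOnly; SameSite=Lax`);
  return res;
}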